¡Cuidado! se traduce al inglés como "Caution!" o "Beware!" dependiendo del contexto.
Experts warn that cybercriminals are using artificial intelligence tools in their phishing attacks.
A recent study has indicated that malicious actors are using OpenAI in spoofing campaigns that are affecting businesses worldwide. The attack is carried out through an email that pretends to be from OpenAI, sending an 'urgent message' to victims, urging them to update their payment information for their subscription via a direct link, a classic phishing technique.
The operation had a wide reach, with a single email sent to over 1,000 users. One of the first signs that it was a fraud was the sender's address, which did not match the official OpenAI domain (e.g., @openai.com). Instead, the message was sent from info@mta.topmarinelogistics.com.
What is alarming is that the email passed DKIM and SPF checks, meaning it was sent from a server authorized to send messages on behalf of the domain. Additionally, the language used in the email is characteristic of phishing attacks, pressuring the user to act urgently and generating a sense of fear.
This is not the only case of malicious campaigns related to artificial intelligence that has been reported in recent months. Earlier in 2024, a Microsoft report revealed that 87% of organizations in the UK feel more vulnerable to cyberattacks due to the increasing use of AI tools. There has also been a rise in deep fake scams and AI-generated voice scams, which have targeted both businesses and consumers. The losses already amount to millions globally due to deep fake fraud, and nearly half of companies have faced this type of scam at some point.
The introduction of machine learning algorithms that can discover and exploit vulnerabilities in software has led to a dramatic increase in the number of cyberattacks. Despite this, research indicates that 90% of cyberattacks still involve some form of human interaction, as is the case with phishing attacks. Therefore, it is crucial that all members of an organization are trained to identify the signs of an attack, which represents the best defense for any company.